This article was originally published in Security Magazine.
Cyber attacks are becoming so normal that a new record-breaking 40% of companies have experienced more than six attacks. Meanwhile 85% of companies experienced at least one successful attack. This is according to new CyberEdge Group research surveying 1,200 security professionals across 17 countries. Cyber threats are increasingly popping out of nooks and crannies because companies today have more blind spots that can cost $4 million per data breach and even $5+ million when a remote worker was the root cause. Today, illuminating security obscurities is no longer optional. Here are three common blind spots and simple ways to flip on the light switch.
Three Common Security Blind Spots
Business owners can be blindsided by cybersecurity attacks for many reasons, but at Masergy we find the three most common as:
- Invisibility — In short, IT complexities cause blind spots. Corporate networks are not single entities but patchworked systems that are complex to see and monitor. Remote work and the cloud have only made things worse. Research from analyst firm Nemertes shows that ¾ of traffic starts and/or stops outside the boundaries of the corporate network. Plus, multi-cloud environments make it difficult to control what’s happening. Additionally, supply chain vulnerabilities expand the surface of the network. The way data has become unleashed, there may never be a way to make all blind spots visible.
- Awareness — Business leaders simply aren’t aware of how sophisticated, efficient, and easy it has become for modern-day attackers to infiltrate an environment, remain unnoticed, and wreak havoc from the inside out.
The most widely adopted business applications and cloud-based services have become favorite targets for bad actors, and it is easy for them to hide their own presence as well as their attack files—essentially making detection nearly impossible. In some instances, detection evasion can be simply a matter of one click—to downgrade a license from a high level of security protection to an older one where hiding is easy. These cloud environments are accessible from anywhere in the world, and IT professionals are failing to secure the authentication mechanisms governing them.
- Mindset — Most business leaders don’t think their business is a target—particularly for those in “tame” industries like museums and schools for example. Yet the education/research sector sustained the most attacks in 2021. In fact, every organization has critical information that they value and/or need to protect, which explains why ransomware rates are up 62% year-over-year. And the cost of recovering from an attack often goes beyond paying the ransom, since the operational costs required to “get back to normal” are typically the highest cost component of the breach price tag.
Security and ransomware protection isn’t just for healthcare and financial services companies. In fact, we need to dispel the myth that cyberattacks are targeted. Nothing could be further from the truth. You don’t need to become a target to become a victim. The attitude shift has begun, but we still have a long way to go.
Flipping on the Light Switch
When these are the trends, it’s no surprise that 76% of security and IT leaders are bracing for a breach impact, believing a successful attack is likely. So how can we uncover, manage and better protect the security vulnerabilities that lie beneath the growing hybrid surface?
Tackle Cloud Security. Companies across every industry use cloud solutions, so every company needs to be concerned about cloud security. Cloud solutions raise security concerns because they fundamentally shift the roles and responsibilities of security between the client and the cloud provider. Solutions create a new shared security model, which becomes a gray area causing misunderstandings. If the client and provider don’t each do their part, the whole security model fails. That’s a vulnerability no company can afford—no matter what industry.
Here are my tips:
- Seek out Shadow IT discovery solutions that help you prioritize the list of your unauthorized applications in terms of security risk.
- Only CASB technology has the power to simplify security for the hundreds and thousands of cloud applications your business has in use.
- Back these technologies and programs with a security response team empowered to take swift action.
Sharpen Security at the Edge—Each Endpoint. End users and vulnerable endpoints are the root cause behind ransomware. When ransomware is up 150%, the countermeasure is endpoint detection and response systems. Endpoint Detection and Response (EDR) solutions can solve common everyday security vulnerabilities for companies of all sizes and across all industries. That helps explain why EDR is being recognized as the single most effective security spend available on the market today. Yet, only 55% of companies currently have EDR in use.
- Antivirus is not enough. Standard signature-based antivirus technologies have little to no chance in helping you fight against sophisticated ransomware threats. Ensure your EPP does not rely on attack signatures or unique indicators of compromise, all of which can change quickly or be previously unseen.
- Leverage advanced analytics to quickly identify potential threats. Endpoint protection without machine learning and behavioral analytics are essentially useless.
- Thinking about cyber insurance? Endpoint security is often a prerequisite—it will be required before you can be insured.
Assume Bad Actors are Already Inside. In 2021, exploited zero-day attacks more than doubled when compared to 2020. Zero-day vulnerabilities are those that are unknown and unpatched. When discovered, it often means that hackers have already exploited the opportunity—they’re already inside your systems.
- Proactive 24/7 security threat monitoring is the best protection, and the network is the key. All threats generate observable events inside the network. If you keep your eyes on the network, you’ll find their signature evidence like a trail of breadcrumbs.
- Zero Trust isn’t a cure-all. Yes, Zero Trust security architectures are today’s best strategies, but sometimes Zero Trust is not always possible when it comes to mobile phones and hardware built with uncontrolled components. Supply chain or hardware-based attacks will still prevail. So, never let up on your proactive security monitoring and rapid response.
- Don’t go at it alone. Security isn’t a do-it-yourself exercise, mainly when security talent is scarce. Lean on trusted partners to help you get the strategy, process, talent, and technology right.